From 90efc1ec8c9f3cab7f43427513f23f6aadbccf88 Mon Sep 17 00:00:00 2001
From: Vignesh Venkat
Date: Thu, 2 May 2024 15:47:34 -0700
Subject: [PATCH] obu: Handle size == 0 in avifBitsInit

If size == 0, eof has to be set to 1 in avifBitsInit for the rest of the code to work as intended. Otherwise the first byte is read unconditionally which is incorrect.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68568
---
 src/obu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/obu.c b/src/obu.c
index 60e41bf7f3..abd26282af 100644
--- a/src/obu.c
+++ b/src/obu.c
@@ -66,7 +66,7 @@ static void avifBitsInit(avifBits * const bits, const uint8_t * const data, cons
     bits->bitsLeft = 0;
     bits->state = 0;
     bits->error = 0;
-    bits->eof = 0;
+    bits->eof = (size == 0);
 }
 
 static void avifBitsRefill(avifBits * const bits, const uint32_t n)
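Review bot: The new `bits->eof = (size == 0);` line encodes an invariant that is only explained in the commit message — eof must already be set whenever the read pointer starts at the end of the buffer, because (per the description) the refill path reads a byte before it checks for end-of-data — and a maintainer reading avifBitsInit alone cannot see why a plain `0` was wrong; a why-comment on that line would carry it, e.g. `// An empty buffer is already at EOF; the refill path must never read from it.`. Since avifBitsRefill's body lies outside this hunk I can only infer its shape, but if it really dereferences `ptr` whenever eof is clear, the safer long-term fix is for the refill itself to test `bits->ptr < bits->end` before reading, so the reader stays memory-safe even if a future init path forgets to seed eof. The one-byte over-read that OSS-Fuzz reported is exactly the kind of regression a unit test feeding a zero-length buffer through avifBitsInit and a subsequent refill would pin down; consider adding one alongside this change. avifBitsInit starts outside the hunk, so I could not confirm that `size` is otherwise validated against `data`.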